search for: security_hardening

...replace the existing config file instead. Instead of configuring every application separataly it would be nice if "accepted levels of security" could be set system wide. With 8 it seems there is such a thing https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Although I believe that FIPS mode is also available in 7 I did not used neither system wide cryptographic policies nor FIPS mode so my post is more the theoretical one, but I thought it is on topic. -- Kind Regards, Markus Falb

...ould be bothered to think through all of the use cases, combinations, and implications. Who is that central organization? Are you sure their notions match your own? > With 8 it seems there is such a thing > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening > > Although I believe that FIPS mode is also available in 7 That?s FIPS 140-2, a standard from 2001, which is three TLS standards ago. FIPS 140-3 just barely became effective a few weeks ago, which means it won?t be considere...

Hi, I am running the below servers on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # How do I enable strong KexAlgorithms, Ciphers and

HI all, When CentOS 7 was created things like SSLv2 TLSv1 TLSv1.1 etc... were all OK, but now they have fallen out of favor for various reasons. Updating to CentOS 7.7 does not automatically disable these types of items from apache - is there a script that is available that can be ran to bring a box up to current "accepted" levels ? Or is that an edit by hand, do it yourself on all your

...read. Who defines what is old ? What about best practices like disable SSLv3 or TLSv1? Could the authority be the community or some common knowledge? > >> With 8 it seems there is such a thing >> >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening >> >> Although I believe that FIPS mode is also available in 7 > > That?s FIPS 140-2, a standard from 2001, which is three TLS standards ago. If I look at the comparison table from the link above FIPS mode does not...

...o policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they happen to already be part of an existing policy, like FUTURE). https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Kind regards, -- Jochen Bern Systemingenieur Binect GmbH -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3449 bytes Desc: S/MIME Cryptographic Sig...

...fying sshd's behaviour, and it would likely be the *preferred* > method to inject your intended config changes *there* (unless they > happen to already be part of an existing policy, like FUTURE). > > > https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening > > Kind regards, > -- > Jochen Bern > Systemingenieur > > Binect GmbH > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists...